ID

VAR-201806-1777


CVE

CVE-2018-4833


TITLE

Input validation vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2018-006612

DESCRIPTION

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
Multiple Siemens products contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SCALANCE X-204RNA Industrial Ethernet network access point enables the connection of non-PRP terminal devices. The RUGGEDCOM WiMAX product line offers a dedicated wireless WAN solution. The RFID 181-EIP is an RFID communication module for Ethernet/IP that connects two serial SIMATIC identification readers to an Ethernet/IP scanner. The SIMATIC RF182C is an RFID communication module for Ethernet TCP/IP and XML for connecting two serial SIMATIC identification readers to a PC or other programmable device that can communicate via Ethernet TCP/IP and XML.
Multiple Siemens products contain heap overflow vulnerabilities. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application.
Siemens RFID 181-EIP and the other listed devices are all products of Siemens of Germany. SCALANCE X-200 is an industrial grade Ethernet switch product.
The following products and versions are affected: Siemens RFID 181-EIP; RUGGEDCOM WiMAX Version 4.4, Version 4.5; SCALANCE X-200 up to 5.2.3; SCALANCE X-200 IRT up to 5.4.1; SCALANCE X-204RNA; SCALANCE X-300; SCALANCE X408; SCALANCE X414; SIMATIC RF182C.

Trust: 2.7

sources: NVD: CVE-2018-4833 // JVNDB: JVNDB-2018-006612 // CNVD: CNVD-2018-11400 // BID: 104482 // IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // VULHUB: VHN-134864

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400

AFFECTED PRODUCTS

vendor: siemens, model: ruggedcom wimax, scope: eq, version: 4.5

Trust: 2.7

vendor: siemens, model: ruggedcom wimax, scope: eq, version: 4.4

Trust: 2.7

vendor: siemens, model: scalance x200, scope: lt, version: 5.2.3

Trust: 1.8

vendor: siemens, model: rfid 181-eip, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: scalance x300, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: simatic rf182c, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: scalance x408, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: scalance x414, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: scalance x204rna, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: rfid 181-eip, scope: -, version: -

Trust: 1.4

vendor: siemens, model: simatic rf182c, scope: -, version: -

Trust: 1.4

vendor: siemens, model: scalance x200irt, scope: lt, version: 5.4.1

Trust: 1.0

vendor: siemens, model: scalance x-300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x200 irt, scope: lt, version: 5.4.1

Trust: 0.8

vendor: siemens, model: scalance x204rna, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x408, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x414, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance, scope: eq, version: x408

Trust: 0.6

vendor: siemens, model: scalance, scope: eq, version: x414

Trust: 0.6

vendor: siemens, model: scalance irt, scope: eq, version: x-200<5.4.1

Trust: 0.6

vendor: siemens, model: scalance, scope: eq, version: x-200<5.2.3

Trust: 0.6

vendor: siemens, model: ruggedcom wimax, scope: eq, version: v4.4

Trust: 0.6

vendor: siemens, model: ruggedcom wimax, scope: eq, version: v4.5

Trust: 0.6

vendor: siemens, model: scalance x-204rna, scope: -, version: -

Trust: 0.6

vendor: siemens, model: scalance, scope: eq, version: x-300

Trust: 0.6

vendor: siemens, model: scalance x200irt, scope: eq, version: 5.1.0

Trust: 0.6

vendor: siemens, model: scalance x200irt, scope: eq, version: 5.0.0

Trust: 0.6

vendor: siemens, model: simatic rf182c, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x4140

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x4080

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3000

Trust: 0.3

vendor: siemens, model: scalance x-204rna, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance irt, scope: eq, version: x-2000

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-2000

Trust: 0.3

vendor: siemens, model: rfid 181-eip, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance irt, scope: ne, version: x-2005.4.1

Trust: 0.3

vendor: siemens, model: scalance, scope: ne, version: x-2005.2.3

Trust: 0.3

vendor: rfid 181 eip, model: -, scope: eq, version: -

Trust: 0.2

vendor: ruggedcom wimax, model: -, scope: eq, version: 4.4

Trust: 0.2

vendor: ruggedcom wimax, model: -, scope: eq, version: 4.5

Trust: 0.2

vendor: scalance x200, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance x200irt, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance x204rna, model: -, scope: eq, version: -

Trust: 0.2

vendor: scalance x300, model: -, scope: eq, version: -

Trust: 0.2

vendor: scalance x408, model: -, scope: eq, version: -

Trust: 0.2

vendor: scalance x414, model: -, scope: eq, version: -

Trust: 0.2

vendor: simatic rf182c, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400 // BID: 104482 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-4833
value: HIGH

Trust: 1.0

NVD: CVE-2018-4833
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11400
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-876
value: HIGH

Trust: 0.6

IVD: e2f3a541-39ab-11e9-815a-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-134864
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-4833
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11400
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f3a541-39ab-11e9-815a-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134864
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-4833
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400 // VULHUB: VHN-134864 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-122

Trust: 1.0

sources: VULHUB: VHN-134864 // JVNDB: JVNDB-2018-006612 // NVD: CVE-2018-4833

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201806-876

TYPE

Input validation error

Trust: 1.1

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // BID: 104482 // CNNVD: CNNVD-201806-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006612

PATCH

title: SSA-181018, url: https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf

Trust: 0.8

title: Patches for multiple SIEMENS product heap overflow vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/131863

Trust: 0.6

title: Multiple Siemens Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80924

Trust: 0.6

sources: CNVD: CNVD-2018-11400 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876

EXTERNAL IDS

db: NVD, id: CVE-2018-4833

Trust: 3.6

db: SIEMENS, id: SSA-181018

Trust: 2.3

db: ICS CERT, id: ICSA-18-165-01

Trust: 1.7

db: BID, id: 104482

Trust: 1.0

db: CNVD, id: CNVD-2018-11400

Trust: 0.8

db: CNNVD, id: CNNVD-201806-876

Trust: 0.8

db: JVNDB, id: JVNDB-2018-006612

Trust: 0.8

db: IVD, id: E2F3A541-39AB-11E9-815A-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-134864

Trust: 0.1

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400 // VULHUB: VHN-134864 // BID: 104482 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-18-165-01

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4833

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4833

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-18-165-01

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-18-165-01

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-11400 // VULHUB: VHN-134864 // BID: 104482 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

CREDITS

Dr. Ang Cui and Joseph Pantoga from Red Balloon

Trust: 0.3

sources: BID: 104482

SOURCES

db: IVD, id: e2f3a541-39ab-11e9-815a-000c29342cb1
db: CNVD, id: CNVD-2018-11400
db: VULHUB, id: VHN-134864
db: BID, id: 104482
db: JVNDB, id: JVNDB-2018-006612
db: CNNVD, id: CNNVD-201806-876
db: NVD, id: CVE-2018-4833

LAST UPDATE DATE

2024-08-14T14:19:56.983000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-11400, date: 2018-06-13T00:00:00
db: VULHUB, id: VHN-134864, date: 2020-01-16T00:00:00
db: BID, id: 104482, date: 2018-06-14T00:00:00
db: JVNDB, id: JVNDB-2018-006612, date: 2018-10-01T00:00:00
db: CNNVD, id: CNNVD-201806-876, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2018-4833, date: 2020-12-14T21:15:13.660

SOURCES RELEASE DATE

db: IVD, id: e2f3a541-39ab-11e9-815a-000c29342cb1, date: 2018-06-13T00:00:00
db: CNVD, id: CNVD-2018-11400, date: 2018-06-13T00:00:00
db: VULHUB, id: VHN-134864, date: 2018-06-14T00:00:00
db: BID, id: 104482, date: 2018-06-14T00:00:00
db: JVNDB, id: JVNDB-2018-006612, date: 2018-08-28T00:00:00
db: CNNVD, id: CNNVD-201806-876, date: 2018-06-13T00:00:00
db: NVD, id: CVE-2018-4833, date: 2018-06-14T16:29:00.333